<?php
include "inc-config.php";
include "inc-header.php"; ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="8" height="6px" background="images/blizzMenu/blue/rb-tleft.gif"></td>
    <td background="images/blizzMenu/blue/top.gif"></td>
    <td background="images/blizzMenu/blue/rb-tright1.gif"></td>
  </tr>
  <tr>
    <td background="images/blizzMenu/blue/rb-side.jpg" style="background-repeat:repeat-y; background-position:left"  bgcolor="#122031"></td>
    <td  bgcolor="#122031" style="color:#FFFFFF"><?php
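   // Points shop: lists the purchasable b_shop rows for a logged-in user and,
   // on POST, charges the user's points and mails the chosen item to one of
   // the user's characters.
   //
   // Trust boundary: only the item id and the character guid are taken from the
   // request. Price, name and charges are always re-read from b_shop, because
   // anything round-tripped through hidden form fields is attacker-controlled.
   //
   // Assumes inc-config.php provides $forum (site database link) and $char
   // (character database link) and starts the session -- TODO confirm.
   // NOTE(review): the purchase form carries no anti-CSRF token; a per-session
   // token checked here would stop cross-site submission of this POST.
   if (isset($_SESSION['user'])) {
      $user = $_SESSION['user'];
      if (isset($_POST['submit'])) {
         // The POSTed guid gets its own variable: $char is passed to mysql_query()
         // as the link identifier below and must not be overwritten by request data.
         // is_string() rejects array-valued parameters such as char[]=1.
         $charGuid = (isset($_POST['char']) && is_string($_POST['char'])) ? $_POST['char'] : '';
         $itemid = (isset($_POST['idofitem']) && is_string($_POST['idofitem'])) ? $_POST['idofitem'] : '';
         if ($itemid && $charGuid) {
            // Single-pass loop so that every validation failure can "break" out
            // before any points are taken or rows are written.
            do {
               //**********GETTING ITEM INFO (server side)*****
               // sep='0' marks purchasable rows; other rows are category headings.
               $safeItem = mysql_real_escape_string($itemid, $forum);
               $shop2 = mysql_query("SELECT cost,name,charges from b_shop where itemid='$safeItem' and sep='0'", $forum) or die("Could not get item info");
               $shop3 = mysql_fetch_array($shop2);
               if (!$shop3 || !is_numeric($shop3['cost']) || $shop3['cost'] < 0) {
                  print "<center>No Character or no Item selected. <a href='shop.php'>Go Back</a></center>";
                  break;
               }
               $cost = $shop3['cost'];
               $name = $shop3['name'];
               $charges = $shop3['charges'];

               //**********GETTING USER INFO*******************
               $safeUser = mysql_real_escape_string($user, $forum);
               $getuser2 = mysql_query("SELECT * from b_users where username='$safeUser'", $forum) or die("Could not get user info1");
               $getuser3 = mysql_fetch_array($getuser2);
               if (!$getuser3) {
                  die("Could not get user info1");
               }
               $notEnough = "Sorry not enough points, you have " . htmlspecialchars($getuser3['points'], ENT_QUOTES) . " and item costs " . htmlspecialchars($cost, ENT_QUOTES) . " points.";
               if ($getuser3['points'] + 1 <= $cost) {
                  print $notEnough;
                  break;
               }

               //*********GETTING CHAR INFO*******************
               // Looked up BEFORE points are deducted, and checked against the
               // account of the logged-in user (same username -> accounts.login ->
               // characters.acct chain the dropdown uses), so a forged guid cannot
               // target a character that was never offered in the form.
               $safeChar = mysql_real_escape_string($charGuid, $char);
               $SQLawow2 = mysql_query("SELECT * from characters where guid='$safeChar'", $char) or die("Could not get user char info2");
               $SQLawow3 = mysql_fetch_array($SQLawow2);
               $safeLogin = mysql_real_escape_string($getuser3['username']);
               $SQLwow2 = mysql_query("SELECT * from accounts where login='$safeLogin'") or die("Could not get user char info");
               $SQLwow3 = mysql_fetch_array($SQLwow2);
               if (!$SQLawow3 || !$SQLwow3 || (string) $SQLawow3['acct'] !== (string) $SQLwow3['acct']) {
                  print "<center>No Character or no Item selected. <a href='shop.php'>Go Back</a></center>";
                  break;
               }

               //***********REDUCING POINTS******************
               // Check and deduction happen in one statement so two concurrent
               // requests cannot both pass the balance check. "+0" forces numeric
               // comparison whatever the column type is. A zero cost is skipped
               // because MySQL would report no changed row for it.
               if ($cost > 0) {
                  $safeCost = mysql_real_escape_string($cost, $forum);
                  $minus = "UPDATE b_users set points=points-('$safeCost'+0) where username='$safeUser' and points+0>=('$safeCost'+0)";
                  if (!mysql_query($minus, $forum)) {
                     error_log("shop: points update failed: " . mysql_error($forum));
                     die("Error: could not update points");
                  }
                  if (mysql_affected_rows($forum) < 1) {
                     print $notEnough;
                     break;
                  }
               }
               // NOTE(review): from here on a failure leaves the points spent with
               // no item delivered; the two databases are not updated atomically.
               // Database error text goes to the server log, not to the browser.

               //********GETTING MAX from PLAYERITEMS********
               // NOTE(review): MAX()+offset id allocation is not safe under
               // concurrent purchases; kept as in the original design.
               $value2 = mysql_query("SELECT MAX(guid) as guid FROM playeritems", $char);
               if (!$value2) {
                  error_log("shop: playeritems max failed: " . mysql_error($char));
                  die("Error: could not prepare item");
               }
               $value3 = mysql_fetch_array($value2);
               $maxguid0 = $value3['guid'] + 200;

               //*********ADDING ITEM************************
               $itemForChar = mysql_real_escape_string($itemid, $char);
               $safeCharges = mysql_real_escape_string($charges, $char);
               $itemadd = "INSERT INTO playeritems (ownerguid,guid,entry,count,charges,durability) VALUES ('0','$maxguid0','$itemForChar','1','$safeCharges','5000')";
               if (!mysql_query($itemadd, $char)) { // item added
                  error_log("shop: item insert failed: " . mysql_error($char));
                  die("Error 11");
               }
               $itemselect = "SELECT guid FROM playeritems WHERE ownerguid='0' AND entry='$itemForChar' AND count='1' AND durability='5000' AND guid='$maxguid0'";
               $itemselect2 = mysql_query($itemselect, $char); // item selected
               if (!$itemselect2) {
                  error_log("shop: item select failed: " . mysql_error($char));
                  die("Error 12");
               }
               $itemselect3 = mysql_fetch_array($itemselect2);
               $itemselect4 = $itemselect3[0]; //final item guid

               //********GETTING MAX from MAILS**************
               $avalue2 = mysql_query("SELECT MAX(message_id) as message_id FROM mailbox", $char);
               if (!$avalue2) {
                  error_log("shop: mailbox max failed: " . mysql_error($char));
                  die("Error: could not prepare mail");
               }
               $avalue3 = mysql_fetch_array($avalue2);
               $amaxguid = $avalue3['message_id'] + 4; //this is max value

               //*********SENDING MAIL************************
               $time = date("m-d-Y, h:i");
               $body = "Thank you for shopping with Mystika WoW, enjoy your new reward.

If something goes wrong or you got wrong item please print screen this message (with item still attached on it) and contact Game Master, after that he/she will give you correct item.";
               $subject = "$name ->[ $itemselect4 ] $time -> ($itemid)";
               // $mailco is not set anywhere in this file -- presumably it comes
               // from inc-config.php; confirm it can never be request-derived.
               $stationery = isset($mailco) ? $mailco : '';
               $mail = "insert into mailbox (message_id,player_guid,sender_guid,subject,body,attached_item_guids,stationary) values ('$amaxguid','"
                  . mysql_real_escape_string($SQLawow3['guid'], $char) . "','0','"
                  . mysql_real_escape_string($subject, $char) . "','"
                  . mysql_real_escape_string($body, $char) . "','"
                  . mysql_real_escape_string($itemselect4, $char) . ",','"
                  . mysql_real_escape_string($stationery, $char) . "')";
               if (!mysql_query($mail, $char)) {
                  error_log("shop: mail insert failed: " . mysql_error($char));
                  die("Could not send mail");
               }

               print "<center>Mail Sent! <a href='shop.php'>Go Back</a></center>";
               //*****************************************
            } while (false);
         } else {
            print "<center>No Character or no Item selected. <a href='shop.php'>Go Back</a></center>";
         }
      } else {
         //***********************
         echo "<center><br><span style='font-size: 18px; font-family:Century Gothic, Arial, Helvetica; color:#ffffff' >Buy Items</span><br><br>";

         // NOTE(review): $item is not assigned in this file. Confirm that
         // inc-config.php sets it and that it can never come from the request
         // (e.g. via register_globals), since it is appended to the query as-is.
         $orderSuffix = isset($item) ? $item : '';
         $getitems = "select * from b_shop order by cat,sort,cost $orderSuffix";
         $getitems2 = mysql_query($getitems, $forum) or die ("error");
         print "<form name='radio' method='post' action='shop.php'>";
         print "<table align='center' width='400px'><tr><td align='left'><strong>Item:</strong></td><td align='center'><strong>Costs Points:</strong></td>";
         while ($getitems3 = mysql_fetch_array($getitems2)) {
            // Every database value is HTML-escaped before it is echoed into markup.
            $hName = htmlspecialchars($getitems3['name'], ENT_QUOTES);
            $hColor = htmlspecialchars($getitems3['color'], ENT_QUOTES);
            if ($getitems3['sep'] == "0") {
               $hItemId = htmlspecialchars($getitems3['itemid'], ENT_QUOTES);
               $hCost = htmlspecialchars($getitems3['cost'], ENT_QUOTES);
               // Only the item id is submitted; cost, name and charges are looked
               // up again on the server when the form is posted.
               print "<tr><td align='left'><input type='radio' name='idofitem' value='$hItemId' />";
               print "<a href='#' type='http://www.wowhead.com/?item=" . rawurlencode($getitems3['itemid']) . "' style='color: $hColor;' onclick='return false;'>$hName</a>";
               print "</td><td align='right'>$hCost Points</td></tr>";
            } else {
               print "<tr><td align='left'>";
               print "<font color='$hColor'>$hName</font>";
               print "</td><td align='right'></td></tr>";
            }
         }
         print "</td></tr></table>";
         //***START DROPDOWN****(c)axe
         $safeUser = mysql_real_escape_string($user);
         $getuser = "SELECT * from b_users a, b_templates b where b.templateid=a.templateclass and a.username='$safeUser'";
         $getuser2 = mysql_query($getuser) or die("Could not get user info");
         $getuser3 = mysql_fetch_array($getuser2);
         $SQLwow = "SELECT * from accounts where login='" . mysql_real_escape_string($getuser3['username']) . "'";
         $SQLwow2 = mysql_query($SQLwow);
         if (!$SQLwow2) {
            error_log("shop: account lookup failed: " . mysql_error());
            die("Could not get user char info");
         }
         $SQLwow3 = mysql_fetch_array($SQLwow2);
         $SQLawow = "SELECT * from characters where acct='" . mysql_real_escape_string($SQLwow3['acct']) . "'";
         $charRows = mysql_query($SQLawow) or die("Could not get user char info");
         print "<br>Mail item to <select name='char' style=' background-color:#000033; color:#FFFFFF; border: 1px solid #333333'>";
         while ($char2 = mysql_fetch_array($charRows)) {
            $hGuid = htmlspecialchars($char2['guid'], ENT_QUOTES);
            $hCharName = htmlspecialchars($char2['name'], ENT_QUOTES);
            // Pre-select the character stored on the user's b_users row.
            if ($char2['guid'] == $getuser3['charid']) {
               print "<option selected='selected' value='$hGuid'>-> $hCharName</option>";
            } else {
               print "<option value='$hGuid'>$hCharName</option>";
            }
         }
         print "</select><br><br>Items travel up to 2 minutes to your ingame mail box.<br>You must relog your character to get mail.<br>";
         //******END DROPDOWN********
         print "You have <strong>" . htmlspecialchars($getuser3['points'], ENT_QUOTES) . "</strong> points.<br>";
         print "<br><input type='submit' value='Send Me Item' name='submit' style='background-color:#000033; color:#FFFFFF; border: 1px solid #333333'><br>";
         print "</form><br>";
         //************************
      }
   } else {
      print "<center>You can't use enter shop becouse you are not logged in.</center>";
   }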
   ?></td>
    <td width="8"  background="images/blizzMenu/blue/rb-side.jpg" style="background-repeat:repeat-y; background-position:right" bgcolor="#122031"></td>
  </tr>
  <tr>
    <td height="6px" background="images/blizzMenu/blue/rb-bleft.gif"></td>
    <td  background="images/blizzMenu/blue/bot.gif"></td>
    <td background="images/blizzMenu/blue/rb-bright1.gif"></td>
  </tr>
</table>
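<?php
// Full open tag: when short_open_tag is disabled, "<?" is not parsed, so the
// footer would not be included and this line would reach the browser as text.
include "inc-footer.php"; ?>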